Paris, June 24 (AFP): Things are getting a little worrying: junk e-mail is getting intelligent.
True, those pitches for Viagra, gambling, baldness cures, cheap credit or phoney diets are just as crass as they ever were. But the techniques used to stuff the spam into your mailbox are getting smarter by the day.
“It is like an arms race and it appears at the moment that the spammers are winning,” Paul Wood, chief information analyst with MessageLabs, a British e-mail security company, told AFP. “To be honest, I expect it to get much more unpleasant in the future.”
In May, according to anti-spam firm Brightmail, nearly 50 per cent of all Internet traffic was unsolicited junk mail, an amplifying trend that translates into productivity losses of billions of dollars a year for corporations and individuals.
Spammers get into your mailbox by generating random addresses and spraying them into the ether in the hope they find a target.
And they also send out software robots called “spambots” which, like little spiders, crawl out over the web and harvest addresses posted in chatrooms and newsgroups.
In an experiment last year, US researchers at the Center for Democracy and Technology created 250 e-mail addresses, some of which were posted in the public domain and others in the corporate domain. Some addresses were posted using the @ symbol, while others used human-readable equivalents: fred@bloggster.com would be written “fred at bloggster dot com”.
During their six-month study, the team received around 10,000 e-mails, 8,400 of which were spam. Ninety-seven per cent of the junk derived from addresses that had been posted on public sites, with organisations linked to major portals like Yahoo! and AOL — themselves highly active in fighting spam — the biggest sources. But none of the addresses posted in human-readable form got junk mail, for they could not be read by the spambots.
Not yet, anyway. Anti-spam filters work by sniffing out keywords typically used in unwanted bulk mail and blocking the message before it hits the in-tray. So to get around the guardians, bulkmail copywriters are deploying efforts worthy of avant-garde poets to change the spelling of words in the subject line or replace letters with numbers.
They also strive to find unsullied, enticing words that can worm their way through — using “need to know,” “demo,” “preview” and “trial” rather than the over-spammed “free,” “opportunity,” “exciting” and “credit.”
But the spammers’ creative skills are also veering over to the dark side. One nasty invention, uncovered last October, is an e-mail greetings card in which victims are told they have to install a software “plug-in” to read the message. As soon as the mini-programme is installed, it starts blasting out pop-up advertising.
Worse is the highly illegal “Trojan spam” — a virus wrapped in an e-mail which exploits weaknesses in Microsoft’s Outlook programme.
MessageLabs last week said it found the first example of a highly sinister Trojan in which spammers take over a slave server or a computer with an “open proxy” broadband connection. Exploiting a loophole called the back door, it turns the machine into a junk mailer.
Unlike its predecessors, the new virus is almost impossible to trace and virtually undetectable by the victim, said Wood. Users might notice that their Internet connection has slowed down a little, but nothing more. In this case, the unknown spammer used the hijack technique to send out a million e-mails with ads for websites selling images of incest pornography.
Opening a legal front against spam has now become a major task. EU countries are due to implement a tough law by October that will require bulkmailers to secure the permission of the user before including his or her address on their mailing list.